Miroslav Lachman
2017-Jan-03 13:11 UTC
VuXML entry for openssh - 10.3 sshd in base vulnerable
Security entries for base are in VuXML for some time so we are checking it periodically. Now we have an alert for base sshd in 10.3-p14 and -15 too. # pkg audit FreeBSD-10.3_15 FreeBSD-10.3_15 is vulnerable: openssh -- multiple vulnerabilities CVE: CVE-2016-10010 CVE: CVE-2016-10009 WWW: https://vuxml.FreeBSD.org/freebsd/2aedd15f-ca8b-11e6-a9a5-b499baebfeaf.html 1 problem(s) in the installed packages found. But there is no advisory on https://www.freebsd.org/security/advisories.html for this problem. Is it false alarm? Or did I missed something? Miroslav Lachman
Miroslav Lachman
2017-Jan-06 15:36 UTC
VuXML entry for openssh - 10.3 sshd in base vulnerable
Miroslav Lachman wrote on 2017/01/03 14:11:> Security entries for base are in VuXML for some time so we are checking > it periodically. Now we have an alert for base sshd in 10.3-p14 and -15 > too. > > # pkg audit FreeBSD-10.3_15 > FreeBSD-10.3_15 is vulnerable: > openssh -- multiple vulnerabilities > CVE: CVE-2016-10010 > CVE: CVE-2016-10009 > WWW: > https://vuxml.FreeBSD.org/freebsd/2aedd15f-ca8b-11e6-a9a5-b499baebfeaf.html > > 1 problem(s) in the installed packages found. > > > But there is no advisory on > https://www.freebsd.org/security/advisories.html for this problem. > > Is it false alarm? Or did I missed something?3 days without reply... Please, can somebody from FreeBSD team clarify if sshd in base is vulnerable or not? Kind regards Miroslav Lachman